PT-2022-21966 · WordPress · The Bricks

Published: 2022-10-28 · Updated: 2022-11-03 · CVE-2022-3401

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Bricks theme for WordPress versions 1.2 to 1.5.3

Description

The issue allows remote code execution due to the theme permitting site editors to include executable code blocks in website content. This is exacerbated by a missing authorization vulnerability, enabling authenticated attackers with minimal permissions to edit pages, posts, or templates and inject code execution blocks for remote code execution.

Recommendations

For versions 1.2 to 1.5.3, update to a version that fixes the remote code execution and missing authorization vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-3401

Affected Products

The Bricks